Cryptography Reference
In-Depth Information
Computing the Verify Message
To compute this verify message, then, it's necessary to keep a running hash
of every byte that's sent or received with a message type of
handshake
. This is,
incidentally, why I spent so much time in Chapter 4 on creating an “updateable”
HMAC function; without the updateable HMAC function, it would have been
necessary here to buffer all this data and pass it as a gigantic memory array
into the HMAC function.
Instead, following these steps:
1. Add a pair of
digest_ctx
objects to the
TLSParameters
as shown in Listing 6-46;
the verify data is actually based on a combination of both MD5 and SHA
(similar to the PRF).
Listing 6-46:
“tls.h” TLSParameters with digest contexts
typedef struct
{
…
int server_hello_done;
digest_ctx md5_handshake_digest;
digest_ctx sha1_handshake_digest;
}
TLSParameters;
2. At the top of
tls_connect
, initialize them both, in Listing 6-47.
Listing 6-47:
“tls.c” tls_connect with handshake digests
int tls_connect( int connection,
TLSParameters *parameters )
{
init_parameters( parameters );
new_md5_digest( ¶meters->md5_handshake_digest );
new_sha1_digest( ¶meters->sha1_handshake_digest );
3. Modify
send_handshake_message
, as shown in Listing 6-48, to update the
running digest every time a handshake message is sent.
Listing 6-48:
“tls.c” send_handshake_message with handshake digest update
static int send_handshake_message( int connection,
int msg_type,
const unsigned char *message,
int message_len,
TLSParameters *parameters )
{
...
update_digest( ¶meters->md5_handshake_digest, send_buffer,
send_buffer_size );
(Continued)
Search WWH ::
Custom Search